From 89bf4c04009e5bb92ab688e53fd09ae1edf369cc Mon Sep 17 00:00:00 2001 From: pepov Date: Thu, 24 May 2018 16:15:55 +0200 Subject: [PATCH] NIFI-5247 nifi-toolkit bash entry points should leverage exec to replace bash with the current java process in order to handle signals properly in docker. - Also add bash, openssl, jq to make certificate request operations easier - Move project.version to the build config from the Dockerfile, use target/ folder for the build dependency - Docker integration tests for checking exit codes and tls-toolkit basic server-client interaction --- .../nifi-toolkit-assembly/docker/Dockerfile | 6 ++-- .../docker/Dockerfile.hub | 2 +- .../docker/sh/docker-entrypoint.sh | 2 +- .../docker/tests/exit-codes.sh | 35 +++++++++++++++++++ .../docker/tests/tls-toolkit.sh | 17 +++++++++ nifi-toolkit/nifi-toolkit-assembly/pom.xml | 35 +++++++++++++++++++ .../src/main/resources/bin/cli.sh | 3 +- .../src/main/resources/bin/encrypt-config.sh | 3 +- .../src/main/resources/bin/file-manager.sh | 3 +- .../src/main/resources/bin/flow-analyzer.sh | 3 +- .../src/main/resources/bin/node-manager.sh | 3 +- .../src/main/resources/bin/notify.sh | 3 +- .../src/main/resources/bin/s2s.sh | 3 +- .../src/main/resources/bin/tls-toolkit.sh | 3 +- .../src/main/resources/bin/zk-migrator.sh | 3 +- 15 files changed, 102 insertions(+), 22 deletions(-) create mode 100755 nifi-toolkit/nifi-toolkit-assembly/docker/tests/exit-codes.sh create mode 100755 nifi-toolkit/nifi-toolkit-assembly/docker/tests/tls-toolkit.sh diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile b/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile index 5e7e286f9bd1..770b12cc7852 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile +++ b/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile @@ -21,7 +21,7 @@ LABEL maintainer="Apache NiFi " ARG UID=1000 ARG GID=1000 -ARG NIFI_TOOLKIT_VERSION=${project.version} +ARG NIFI_TOOLKIT_VERSION= ARG NIFI_TOOLKIT_BINARY=nifi-toolkit-${NIFI_TOOLKIT_VERSION}-bin.tar.gz ENV NIFI_TOOLKIT_BASE_DIR=/opt/nifi-toolkit @@ -30,7 +30,9 @@ ENV NIFI_TOOLKIT_HOME=${NIFI_TOOLKIT_BASE_DIR}/nifi-toolkit-${NIFI_TOOLKIT_VERSI ADD ./sh/docker-entrypoint.sh /opt/sh/docker-entrypoint.sh # Fix docker-entrypoint perms as per https://issues.apache.org/jira/browse/MRESOURCES-236 and Setup NiFi user -RUN chmod +x /opt/sh/docker-entrypoint.sh \ +RUN apk add --update curl bash jq openssl \ + && rm -rf /var/cache/apk/* \ + && chmod +x /opt/sh/docker-entrypoint.sh \ && addgroup -g $GID nifi \ && adduser -D -s /bin/ash -u $UID -G nifi nifi \ && mkdir -p ${NIFI_TOOLKIT_BASE_DIR} diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile.hub b/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile.hub index 36d1e5f606f4..6b56651330fd 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile.hub +++ b/nifi-toolkit/nifi-toolkit-assembly/docker/Dockerfile.hub @@ -32,7 +32,7 @@ ADD sh/docker-entrypoint.sh /opt/sh/docker-entrypoint.sh # Setup NiFi user # Download, validate, and expand Apache NiFi Toolkit binary. -RUN apk add --update curl \ +RUN apk add --update curl bash jq openssl \ && rm -rf /var/cache/apk/* \ && addgroup -g $GID nifi \ && adduser -D -s /bin/ash -u $UID -G nifi nifi \ diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/sh/docker-entrypoint.sh b/nifi-toolkit/nifi-toolkit-assembly/docker/sh/docker-entrypoint.sh index 28fb15d71585..05a0b31b84ee 100755 --- a/nifi-toolkit/nifi-toolkit-assembly/docker/sh/docker-entrypoint.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/docker/sh/docker-entrypoint.sh @@ -36,5 +36,5 @@ if ! [ -f "${toolkit_path}/${program}.sh" ]; then print_help ${program} else shift - ${toolkit_path}/${program}.sh "$@" + exec ${toolkit_path}/${program}.sh "$@" fi diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/tests/exit-codes.sh b/nifi-toolkit/nifi-toolkit-assembly/docker/tests/exit-codes.sh new file mode 100755 index 000000000000..f0130d30c3b0 --- /dev/null +++ b/nifi-toolkit/nifi-toolkit-assembly/docker/tests/exit-codes.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +set -xuo pipefail + +VERSION=${1:-} +IMAGE=apache/nifi-toolkit:${VERSION} + +echo "Testing return values on missing input:" +docker run --rm $IMAGE +test 0 -eq $? || exit 1 + +echo "Testing return values on invalid input for all commands:" +docker run --rm $IMAGE encrypt-config invalid 1>/dev/null 2>&1 +test 2 -eq $? || exit 1 + +docker run --rm $IMAGE s2s invalid 1>/dev/null 2>&1 +test 0 -eq $? || exit 1 + +docker run --rm $IMAGE zk-migrator invalid 1>/dev/null 2>&1 +test 0 -eq $? || exit 1 + +docker run --rm $IMAGE node-manager invalid 1>/dev/null 2>&1 +test 1 -eq $? || exit 1 + +docker run --rm $IMAGE cli invalid 1>/dev/null 2>&1 +test 255 -eq $? || exit 1 + +docker run --rm $IMAGE tls-toolkit invalid 1>/dev/null 2>&1 +test 2 -eq $? || exit 1 + +docker run --rm $IMAGE file-manager invalid 1>/dev/null 2>&1 +test 1 -eq $? || exit 1 + +docker run --rm $IMAGE flow-analyzer invalid 1>/dev/null 2>&1 +test 1 -eq $? || exit 1 diff --git a/nifi-toolkit/nifi-toolkit-assembly/docker/tests/tls-toolkit.sh b/nifi-toolkit/nifi-toolkit-assembly/docker/tests/tls-toolkit.sh new file mode 100755 index 000000000000..d58d2b7dcd54 --- /dev/null +++ b/nifi-toolkit/nifi-toolkit-assembly/docker/tests/tls-toolkit.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -exuo pipefail + +VERSION=$1 +IMAGE=apache/nifi-toolkit:${VERSION} +CONTAINER=nifi-toolkit-$VERSION-tls-toolkit-integration-test + +TOKEN=D40F6B95-801F-4800-A1E1-A9FCC712E0BD + +trap " { docker rm -f $CONTAINER ; } " EXIT + +echo "Starting CA server using the tls-toolkit server command" +docker run -d --name $CONTAINER $IMAGE tls-toolkit server -t $TOKEN -c $CONTAINER + +echo "Requesting client certificate using the tls-toolkit client command" +docker run --rm --link $CONTAINER $IMAGE tls-toolkit client -t $TOKEN -c $CONTAINER diff --git a/nifi-toolkit/nifi-toolkit-assembly/pom.xml b/nifi-toolkit/nifi-toolkit-assembly/pom.xml index 1edc2d5e61c5..3d816cdf6879 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/pom.xml +++ b/nifi-toolkit/nifi-toolkit-assembly/pom.xml @@ -28,6 +28,8 @@ language governing permissions and limitations under the License. --> src/main/resources/conf/config-client.json src/main/resources/conf/config-server.json + docker/tests/tls-toolkit.sh + docker/tests/exit-codes.sh @@ -182,6 +184,7 @@ language governing permissions and limitations under the License. --> 1000 1000 + ${project.version} apache/nifi-toolkit ${project.version} @@ -189,6 +192,38 @@ language governing permissions and limitations under the License. --> + + exec-maven-plugin + org.codehaus.mojo + + + Docker integration tests - exit codes + integration-test + + exec + + + + ${project.version} + + ${project.basedir}/docker/tests/exit-codes.sh + + + + Docker integration tests - tls-toolkit + integration-test + + exec + + + + ${project.version} + + ${project.basedir}/docker/tests/tls-toolkit.sh + + + + diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/cli.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/cli.sh index 0ede918c85c7..509385938c52 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/cli.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/cli.sh @@ -111,8 +111,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.cli.CLIMain "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.cli.CLIMain "$@" } diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/encrypt-config.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/encrypt-config.sh index 891b5ad082ca..8a561ea3fe8b 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/encrypt-config.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/encrypt-config.sh @@ -111,8 +111,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain "$@" } diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/file-manager.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/file-manager.sh index de7bfdc47699..ba1b666989ff 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/file-manager.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/file-manager.sh @@ -110,8 +110,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.filemanager.FileManagerTool "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.filemanager.FileManagerTool "$@" } diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/flow-analyzer.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/flow-analyzer.sh index 5c23b5501097..6785ae6634de 100755 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/flow-analyzer.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/flow-analyzer.sh @@ -111,8 +111,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.flowanalyzer.FlowAnalyzerDriver "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.flowanalyzer.FlowAnalyzerDriver "$@" } diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/node-manager.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/node-manager.sh index dcc981b7414f..de2de01267d7 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/node-manager.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/node-manager.sh @@ -110,8 +110,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.nodemanager.NodeManagerTool "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.nodemanager.NodeManagerTool "$@" } diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/notify.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/notify.sh index 87f8706c35ff..9f2b063b4ddd 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/notify.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/notify.sh @@ -111,8 +111,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.notify.NotificationTool "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.admin.notify.NotificationTool "$@" } diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/s2s.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/s2s.sh index 887dd12ce035..077fb77894ba 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/s2s.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/s2s.sh @@ -111,8 +111,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.s2s.SiteToSiteCliMain "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms128m -Xmx256m} org.apache.nifi.toolkit.s2s.SiteToSiteCliMain "$@" } diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/tls-toolkit.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/tls-toolkit.sh index e2452dd8233c..abd2d39833b3 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/tls-toolkit.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/tls-toolkit.sh @@ -111,8 +111,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.tls.TlsToolkitMain "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.tls.TlsToolkitMain "$@" } diff --git a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/zk-migrator.sh b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/zk-migrator.sh index b593d698430e..dd1e097b20bc 100644 --- a/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/zk-migrator.sh +++ b/nifi-toolkit/nifi-toolkit-assembly/src/main/resources/bin/zk-migrator.sh @@ -111,8 +111,7 @@ run() { export NIFI_TOOLKIT_HOME="$NIFI_TOOLKIT_HOME" umask 0077 - "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.zkmigrator.ZooKeeperMigratorMain "$@" - return $? + exec "${JAVA}" -cp "${CLASSPATH}" ${JAVA_OPTS:--Xms12m -Xmx24m} org.apache.nifi.toolkit.zkmigrator.ZooKeeperMigratorMain "$@" }